Part of a comprehensive analysis of the Electronic Transactions Act 2010
Key Provisions Governing Certification Authorities under the Electronic Transactions Act 2010
The Electronic Transactions Act 2010 (ETA 2010) establishes a comprehensive legal framework for the operation of certification authorities (CAs) in Singapore. These provisions are designed to ensure the integrity, reliability, and trustworthiness of electronic certificates, which underpin secure electronic transactions. This analysis focuses on the key statutory provisions regulating certification authorities, their purposes, and the operational safeguards embedded within the Act.
Section 12: Requirement for Trustworthy Systems
"A certification authority must utilise trustworthy systems in performing its services." — Section 12, Electronic Transactions Act 2010
Section 12 mandates that certification authorities employ trustworthy systems when providing their certification services. This provision exists to ensure that the technical and procedural infrastructure used by CAs is robust, secure, and reliable. The rationale is to prevent fraudulent issuance or misuse of certificates, which could compromise the security of electronic transactions. By requiring trustworthy systems, the Act promotes confidence among users relying on digital certificates for authentication and encryption.
Section 13: Disclosure Obligations of Certification Authorities
"A certification authority shall disclose the certificate, certification practice statement, suspension or revocation notices, and material adverse facts." — Section 13, Electronic Transactions Act 2010
Section 13 imposes comprehensive disclosure obligations on certification authorities. This includes the publication of certificates issued, the certification practice statement (CPS), notices of suspension or revocation of certificates, and any material adverse facts affecting the validity or reliability of certificates. The purpose of this provision is to maintain transparency and provide relying parties with up-to-date information necessary to assess the validity of certificates. This ensures that users can make informed decisions and mitigates the risk of reliance on compromised or invalid certificates.
Section 14: Conditions for Issuance of Certificates
"A certification authority shall issue certificates only upon receipt of requests, compliance with certification practice statements, and verification of subscriber identity and key validity." — Section 14, Electronic Transactions Act 2010
Section 14 sets out the procedural safeguards that certification authorities must observe before issuing certificates. These include receiving a formal request from the subscriber, ensuring compliance with the CPS, and verifying the identity of the subscriber as well as the validity of the public key to be certified. This provision exists to prevent unauthorized issuance of certificates and to uphold the integrity of the certification process. Verification of identity and key validity is critical to ensuring that certificates accurately represent the subscriber’s credentials and cryptographic keys.
Section 15: Representations Made by Certification Authorities upon Issuance
"Upon issuance of certificates, a certification authority represents compliance with applicable requirements and the accuracy of the information contained therein." — Section 15, Electronic Transactions Act 2010
Section 15 requires certification authorities to make explicit representations regarding their compliance with the Act and the accuracy of the information contained in the certificates they issue. This provision serves to allocate responsibility and accountability to the CA for the reliability of the certificates. It reassures relying parties that the certificates have been issued in accordance with prescribed standards and that the information therein can be trusted for electronic transactions.
Section 16: Suspension of Certificates
"A certification authority shall suspend certificates upon request by the subscriber or authorized persons." — Section 16, Electronic Transactions Act 2010
Section 16 empowers subscribers or authorized persons to request the suspension of certificates. Suspension temporarily invalidates a certificate without revoking it, allowing for a pause in its use while issues are resolved. This provision exists to provide a mechanism for mitigating risks when a certificate’s security is potentially compromised or when the subscriber’s status changes. It offers flexibility and responsiveness in managing certificate validity.
Sections 17 and 18: Revocation of Certificates
"A certification authority shall revoke certificates upon request, death, dissolution, or other specified grounds." — Sections 17 and 18, Electronic Transactions Act 2010
Sections 17 and 18 outline the grounds and procedures for revoking certificates. Revocation is a permanent invalidation of a certificate, which may occur upon the subscriber’s request, or automatically upon events such as the subscriber’s death or dissolution. Other specified grounds may include compromise of the private key or breach of certification terms. This provision is essential to maintaining the trustworthiness of the certification system by ensuring that certificates that are no longer valid or reliable are promptly removed from circulation.
Sections 19 and 20: Publication of Suspension and Revocation Notices
"A certification authority must publish notices of suspension and revocation in specified repositories." — Sections 19 and 20, Electronic Transactions Act 2010
Sections 19 and 20 require certification authorities to publish notices of suspension and revocation in designated repositories accessible to relying parties. This ensures that users checking the status of certificates have access to current and authoritative information. The purpose is to prevent reliance on certificates that have been suspended or revoked, thereby protecting the integrity of electronic transactions and reducing the risk of fraud or misuse.
Conclusion
The provisions governing certification authorities under the Electronic Transactions Act 2010 collectively establish a rigorous framework to ensure the security, reliability, and transparency of electronic certificates in Singapore. By mandating trustworthy systems, imposing disclosure obligations, regulating issuance, and providing mechanisms for suspension and revocation, the Act safeguards the interests of subscribers and relying parties alike. These statutory requirements underpin the trust infrastructure essential for secure electronic commerce and communication.
Sections Covered in This Analysis
- Section 12
- Section 13
- Section 14
- Section 15
- Section 16
- Sections 17 and 18
- Sections 19 and 20
Source Documents
For the authoritative text, consult SSO.